Warning for Connected Farming Technology

Monday, October 8, 2018 @ 05:10 PM gHale

Source: DHS

Because of a reliance on embedded and connected technologies to improve agricultural and livestock management, precise agriculture is exposed to vulnerabilities and cyber threats, said a new report from the Department of Homeland Security (DHS).

Over the years, the adoption of precision agriculture technology has continued to rise, which has also introduced various cyber risks.

The findings of the report stem from visits and interviews at large farms and precision agriculture technology manufacturers in the United States.

Technologies that allow for a more precise application of agricultural and livestock management inputs (fertilizer, seeds, and pesticides) to lower costs and improved yields, also expose the agricultural sector to vulnerabilities, the paper said.

Cyber threats facing precision agriculture’s embedded and digital tools, however, are consistent with those of other connected industries. The malicious attacks targeting these tools usually have the same purpose too, including data and resource theft, reputation loss, destruction of equipment, or gaining an improper financial advantage over a competitor.

“Therefore, improper use of USB thumb drives, spear-phishing, and other malicious cyber-attacks, are readily available threat vectors for an attack; and the generally accepted mitigation techniques in other industries are largely sufficient for creating a successful defense-in-depth strategy for precision agriculture,” the report said.

What makes precision agriculture unique, however, is the fact that a highly mechanical labor-intensive industry is now connected online, which dramatically increases the attack surface for attackers. Thus, threats that would otherwise be viewed as common, “may have unique and far-reaching consequences on the agricultural industry,” the DHS said.

Key threats to the sector include intentional theft of data, intentional publishing of confidential information, access to unmanned aerial system (UAS) data, sale of confidential data, falsification of data for disruption purposes, introduction of rogue data to damage a crop or herd, disruption to positioning, navigation, and timing (PNT) systems, and disruption to communication networks.

The report also gave a series of key controls designed to mitigate the threats: Email and browser protections, control over network ports and hardware and software assets, account monitoring, data recovery capabilities, data protection, and incident response and management, among other.